cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

"Red Envelope" Procedure for emergency user?

Go to solution
former_member196000
Explorer

on ‎10-18-2005 3:08 PM

0 Kudos

Hello,

I would like to know if there is a functionality in SAP where certain users are able to automatically activate a special user with SAP_ALL & SAP_NEW in case of an emergency (of whatever kind).

Ideally it would be a transaction where someone requests the user, with reason &, and the program would automatically unlock the user with a validity date of 1 day, provide the password and set a trace for this emergency user. The data of the request should be stored as well.

Does anyone know of a function of this kind?

It is needed for R/3 & BW.

Thanks a lot in advance!

Regards,

Daniel Geers

Düsseldorf, Germany.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member181887
Active Contributor
‎10-18-2005 3:24 PM
0 Kudos

Hi Daniel,

I'm not aware of a single transaction to do this but I do not expect it would be to difficult for an ABAP programmers to code (assuming you only are talk about the AS ABAP).

Basically you need the following:

1. A "operations" user that can change a super-users validity date (usually should be expired but opened in case of an emergency).

2. The user should also be able to start a user trace on the super-user.

3. The super-user and operations users' passwords are changed after the end of the emergency work.

The password for the operations user and the should be stored in the data center and only opened when a emergency is authorized.

Just some thoughts about what I have seen work.

Cheers,

Mike.

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎10-18-2005 3:45 PM
0 Kudos

Hi Daniel,

I don't believe that there is a SAP standard procedure but we implemented such a functionality like this:

- Some users have authorizations to call SU01 for a user called e.g. NOTFALL (which has SAP_ALL)

- The unlocking, setting of valid date, resetting password, writing logging information, informing the IT Security department and so on is done by a Z-Report

- This Z-Report is called in include LSUU1F01 (at the end of form CHANGE_DOCUMENTS_USH02).

- also the user is locked and the password is resetted again with a daily running batch job

This works fine in R/3 4.6C even if it's containing a very small modification

Regards

Jürgen

Show replies
Show replies
Ask a Question